Healthcare information has been under HIPAA controls for more than fifteen years now, and healthcare organizations are finally beginning to reach good compliance levels, but other regulations also impact health information privacy and security compliance. In addition to HIPAA, the rules for protecting information related to Substance Use Disorders have been in place since the 1970s; FERPA protects student information, including health and treatment information; various state laws call for protection of information; and now the European Union’s General Data Protection Regulation comes into play for the information of EU residents.
This session is designed to provide intensive, one-and-a-half-day training in healthcare information privacy and security regulatory compliance, touching on the key regulations needing attention today.
The session will cover:
- Principles of Information Privacy and Security
- Privacy, Security, and Breach Notification under HIPAA
- Interactions with the SAMHSA 42 CFR Part 2 regulations on information relating to substance use disorders
- Interactions with the FERPA student information protections for information held by schools
- Determining the scope of your GDPR exposure and issues to address
- HIPAA as a foundation for GDPR compliance
- Challenges with issues today that didn’t even exist a few years ago, such as insecure communications, ransomware, and social media
This seminar will also explain audits and enforcement, as well as how to respond to privacy and security breaches and how to prevent them. Numerous references and sample documents will be provided.
This seminar is designed for the healthcare compliance expert and newbie alike who wish to keep up with changes to HIPAA and related regulations in personal information privacy and security, such as GDPR, 42 CFR Part 2, and FERPA, as well as understand the regulatory issues most frequently encountered in day-to-day operation of health care entities. Objectives include learning about a variety of topics, including:
- Learning about patient rights, such as access and amendment of information, and how such rights are protected and enforced under HIPAA and other rules
- How uses and disclosures may take place under HIPAA in a wide variety of circumstances, including such hot topics as sharing information with the family and friends of a patient, and how those disclosures would be limited by Part 2 rules
- When FERPA takes over health records in schools, and when HIPAA controls them
- Changes to Substance Use Disorder records confidentiality under 42 CFR Part 2
- The EU General Data Protection Regulation (GDPR) background and scope
- Ensuring individuals have adequate access to their information under the various rules
- Understanding the limits on disclosures under the various rules
- The place of Information Security and incident management using the HIPAA Security and Breach Notification Rules
- Processes to be used in managing security, mitigating risks, and handling incidents
- Proper methods of documentation and training to ensure compliance and help avoid penalties, including the use of internal audits and drills to improve compliance continuously and be prepared for incidents and enforcement investigations
Who will Benefit:
This seminar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, and business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:
- Compliance Director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager